dmr_72.exe

CHIP Secured Installer

CHIP Digital GmbH

The application dmr_72.exe by CHIP Digital GmbH has been detected as a potentially unwanted program by 4 anti-malware scanners. The program is a setup application that uses the Covus installer. While running, it connects to the Internet address ocs3.chdi-server.de on port 443.
Publisher:
CHIP Digital GmbH  (signed and verified)

Product:
CHIP Secured Installer

Description:
DMR

Version:
1.1.5.5

MD5:
9b6c9b2660e2819352b9e9afa900eb68

SHA-1:
a901074f923efa09a7e4413d55ef30c8fcbd0322

SHA-256:
e7b27eb0b4e5ccfb97d68a125cb401b05939b8fd8010c57f72b04e9e841b6b5a

Scanner detections:
4 / 68

Status:
Potentially unwanted

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
4/16/2024 1:28:30 PM UTC

Scan engine        Detection                                                  Engine version
Bkav FE            W32.HfsAdware                                              1.3.0.7383
Dr.Web             Adware.Downware.10929                                      9.0.1.0303
ESET NOD32         Win32/DownloadSponsor.C potentially unwanted (variant)     9.12489
Reason Heuristics  Win32.Generic.Covus.Bundler.Meta                           15.10.30.13

File size:
504.3 KB (516,384 bytes)

Product version:
1.1.5.5

Copyright:
Copyright © 2015 Chip Digital GmbH

Trademarks:
CHIP Secured Installer

Original file name:
DMR.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Covus

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\dmr_72.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
1/7/2015 1:00:00 AM

Valid to:
2/24/2016 1:00:00 PM

Subject:
CN=CHIP Digital GmbH, O=CHIP Digital GmbH, L=München, S=Bavaria, C=DE

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
01A0C3E3BC069F71B464AAD34063E209

File PE Metadata
Compilation timestamp:
10/30/2015 10:26:06 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:PCjhHm4zAJlv9FJ+o0zOFJ2+l9AlstfWETi+:6l0llFJ+o0zQJ9TtDi+

Entry address:
0x7B4DE


Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
485.5 KB (497,152 bytes)

The executing file has been seen to make the following network communications in live environments.

